Re: Password hashs issue

[Dave Dearinger <ddearinger () hdnfmc com>]

Would this be a domain administrator account for Osem Investments Ltd. 
of Israel?
I just noticed that it happens to be the name of an Israeli corporation 
and that a person using the email address juanbabi () yahoo com has posted 
to Hebrew language forums in the past.
Of course this is all speculation on my part. I'm just sayin' ...
Google works.


Juan B wrote:
> Hi,
>
> I installed a sniffer (cain) in the lan and captured
> those hashes:
>
> osem\admin:"":"":C0486DB4163A37A100000000000000000000000000000000:4A38D0EBABB88EED889E65B54991DD13012394965AC9D022:77D205A26EFBE92D
> osem\support:"":"":BBCCBAD529AE258800000000000000000000000000000000:9FBFAB6785A7EAF41AD0DE20F285AC9DBA945EC20C3AE1Bosem\user_analyst:"":"":2E158D68FD3B262200000000000000000000000000000000:842F9192A7190AF20158FCB4B3E3A5E5D0BE2E7DE5C392B0:7D1D7EF0DD3920A0
> osem\LDAP_anonymous:"":"":DE3D8AFCD5D2FE8A00000000000000000000000000000000:8DA07C7F7F3BC38CECFCBDDA3186BE66EA9685FE7B061172:5A128695BF6DD28F
> osem\administrator:"":"":76BE5E6E99AA009F97F702A69C5B9BFCDC09EBBA9F40F700:B4EBBC575171CB781859CB23279A6941981FABCD17399457:71E69612101A3557
> osem\Manager:"":"":E3D22494A6388F62287F810F06B81555495AEF4F7773738A:80A123BA224D5514AA12BA6AF9697A8B110AB358A03F0D80:9361278F0206A59F
>
> Now cain tells me that the first part is LM hash and
> the second part is NT hash it also shows nt challenge
> for all of the passwords,for the first 3 users it says
> that the type is NTLM session security and for the
> rest they are LN & NTLM + challenge. 
> I want to find out what are the passwords so I tried
> to paste those hashes in plain-text.info but it tells
> me that its the wrong format, what an I doning wrong ?
> please help!
>
> Juan
>
>
>       ____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
>
>
>
>